Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s November 2020 virus activity review

December 16, 2020

Our November analysis of Dr.Web’s statistics revealed a 1.75% decrease in the total number of threats compared to the previous month. With that, the number of unique threats increased by 5.26%. Users were mostly exposed to adware and trojan downloaders. Email traffic was dominated by various malware that includes a backdoor written in .NET, the Trojan.SpyBot.699 banking trojan, and malicious programs exploiting vulnerabilities in Microsoft Office utilities.

The number of requests to decrypt files affected by trojan encoders decreased by 3.08% compared to October. Trojan.Encoder.26996 was the most active, accounting for 36.68% of all incidents.

Principal trends in November

  • Adware remain among the most active threats
  • A rise in unique malware in email traffic

Threat of the month

In November 2020 Doctor Web virus analysts detected a phishing attack targeting corporate users. The attackers used social engineering to trick possible victims into opening malicious attachments. The emails in question contained trojan malware that covertly install and launch Remote Utilities software. The software components were also included in the attachment. In the event of a successful attack, the affected computers would be vulnerable to unauthorized remote control without any visual signs of a running program.

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service #drweb

The most common threats in November:

Adware.Elemental.17
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Adware.Softobase.15
Installation adware that spreads outdated software and changes the browser settings.
Adware.Downware.19741
Adware that often serves as an intermediary installer of pirate software.
Trojan.LoadMoney.4022
A family of malware installers that deploys additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
Trojan.InstallCore.3949
A family of obfuscated installers that uses unscrupulous methods to distribute the bundled software.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Tool.KMS.7
Hacking tools used to activate illegal copies of Microsoft software.
BackDoor.SpyBotNET.25
A backdoor written in .NET and designed to operate with a file system (to copy, create, delete catalogs, etc.), terminate processes, take screenshots.
Trojan.SpyBot.699
A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
HTML.Fisher.284
An HTML phishing page that includes a form for filling in credentials to access an email account.
W97M.DownLoader.2938
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer. It is designed to download other malware onto a compromised computer.

Encryption ransomware

In November, Doctor Web’s virus laboratory registered 3.08% fewer requests to decode files encoded by trojan ransomware than in October.

Encryption ransomware #drweb

Dangerous websites

In November 2020, the database of non-recommended and malicious websites was updated with 154,606 webpages.

October 2020 November 2020 Dynamics
+ 157,076 + 154,606 - 1.57%

Malicious and unwanted programs for mobile devices

In November, Dr.Web’s statistics for Android devices confirmed an almost 5.14% decrease in the total number of threats on protected devices compared with October.

Google Play is still vulnerable to hosting various malicious apps. In the past month Doctor Web virus analysts discovered other trojans within the catalog. They include modifications of Android.Joker capable of running arbitrary code and subscribing Android users to paid services. The multifunctional Android.Mixi.44.origin trojan was also spotted.

The following November events regarding mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124